On Fri, Mar 15, 2019 at 3:35 PM Daymion Reynolds via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> On Wednesday, March 13, 2019 at 8:17:00 PM UTC-4, Daymion Reynolds wrote:
> >
> > In accordance with our conversations to date, prior to 3/7 6:30pm AZ
> > we utilized raw 64 bit output from CSPRNG, with uniqueness and non zero
> > checks. This new understanding of the rules calls for us to modify our
> > original disclosure to 0 affected certificates.
>
> Please read through earlier posts discussing this.

Daymion, I was hoping you could respond more. I think based on the discussion on the list to date, it's actually not clear that GoDaddy was compliant (as noted in [1]), and Adam's response seems to support that.

A filtering algorithm that "returns 64 random bits from a CSPRNG with at least one bit in the highest byte set to 1" is fairly ambiguous. If you're returning 64 random bits AND a byte with at least one bit set to one, that's different than returning 64 random bits and discarding values which don't have a bit in the high byte set to one.

[1] https://groups.google.com/d/msg/mozilla.dev.security.policy/S2KNbJSJ-hs/ydp17Nz7BgAJ
[2] https://groups.google.com/d/msg/mozilla.dev.security.policy/S2KNbJSJ-hs/2UIea4fyBgAJ
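The two readings contrasted in the reply above, written out as an added example that is not part of the original thread and is not GoDaddy's code. It assumes the first reading means a separate non-zero leading byte in front of 64 unfiltered CSPRNG bits, and the second means redrawing a 64-bit value until its highest byte is non-zero; all function names are hypothetical.

```python
import math
import secrets


def serial_extra_byte(bits=64):
    """Reading 1 (assumed): `bits` untouched CSPRNG bits plus a separate
    leading byte that is redrawn until at least one of its bits is set."""
    lead = 0
    while lead == 0:
        lead = secrets.randbits(8)
    return (lead << bits) | secrets.randbits(bits)


def serial_discard(bits=64):
    """Reading 2 (assumed): draw `bits` CSPRNG bits and discard any draw
    whose highest byte is zero, so the filter acts on the bits themselves."""
    while True:
        value = secrets.randbits(bits)
        if value >> (bits - 8):
            return value


def outputs_discard(bits=64):
    """Number of distinct values reading 2 can return: every `bits`-wide
    value except the 2**(bits-8) values whose highest byte is zero."""
    return 2**bits - 2**(bits - 8)


def entropy_discard(bits=64):
    """Entropy in bits of reading 2's output (uniform over what survives)."""
    return math.log2(outputs_discard(bits))


def enumerate_discard(bits):
    """Brute-force count at a small width, to confirm the closed form."""
    return sum(1 for v in range(2**bits) if v >> (bits - 8))


if __name__ == "__main__":
    print(f"reading 1 serial: {serial_extra_byte():#x} (low 64 bits unfiltered)")
    print(f"reading 2 serial: {serial_discard():#x}")
    print(f"reading 2 output space: {outputs_discard()} of {2**64} values")
    print(f"reading 2 entropy: {entropy_discard():.5f} bits")
```

Under reading 2 the filter removes 2^56 of the 2^64 possible values, so the result carries about 63.994 bits; under reading 1 the 64 drawn bits are never filtered.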